Hello,
we have an initial setup for the new sso.debian.org based on client
certificates. Certificate generation is on sso.debian.org and
contributors.debian.org and nm.debian.org already accept certificate
authentication.
I would like to have some code review and QA before announcing it
widely.
Basic documentation is here:
https://wiki.debian.org/DebianSingleSignOn#Experimental_new_SSO
The system is based on client certificates generated via SPKAC. The
server-side code that generates the certificates is in this Django app:
http://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/spkac
If you do not know Django but know openssl quite well, you can help a
lot by auditing this source:
http://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/spkac/ca.py
Client-side, this is the apache configuration:
https://wiki.debian.org/DebianSingleSignOn#Documentation_for_web_application_owners-1
This is the bit that verifies certificates, if you are familiar with
Django auth machinery, I'd especially welcome your input:
http://anonscm.debian.org/cgit/nm/dc.git/tree/django_dacs/auth.py
The git repository for all the sites is linked at the bottom of every
page. QA-wise, I could especially use patches that add some helpful text
to the pages that do certificate generation, as I feel like I have too
much of the backend in my head to be able to generate meaningful help
text. The templates are here:
http://anonscm.debian.org/cgit/debian-sso/debian-sso.git/tree/spkac/templates/spkac
Thanks!
Enrico
--
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: Digital signature